[pve-devel] [PATCH] add ips feature v2
Alexandre DERUMIER
aderumier at odiso.com
Mon Mar 17 14:18:27 CET 2014
>>We can? Or we 'have to' replace that in order to make ips work?
Currently, it's working, when connection is already established.
Only the first ACCEPT is not yet managed.
>>I would like to have a complete patch before I commit this.
Sure ! I'll improve the patch this afternoon.
(I need also to check for vnet0)
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Lundi 17 Mars 2014 13:43:29
Objet: RE: [pve-devel] [PATCH] add ips feature v2
> >>We use '-j ACCEPT' at many places. Each of those calls will bypass the ips?
> >>So shouldn't we replace all occurrences of '-J ACCEPT'?
>
> I only replace when connection is established for now, but I think we can
> replace the -J ACCEPT in tap-in chains without problem.
We can? Or we 'have to' replace that in order to make ips work?
I would like to have a complete patch before I commit this.
More information about the pve-devel
mailing list